pony | b22f65de15a3506679e8281fe50ab70cfeb874cd80c1ecdda16e200919332798 | Triage

Sharing

General

Target

2573b356452dd5ee24c10537fa4848d882fa40a2a8fa5a181624ba460e1f769a.zip
Size

41KB
Sample

201104-dmyp55fwza
MD5

b2c141b7be51e1d24ca0f852e79788aa
SHA1

ffef31714540c3150cb1dd2ab858bcfcb02908cf
SHA256

b22f65de15a3506679e8281fe50ab70cfeb874cd80c1ecdda16e200919332798
SHA512

5c8fb0507dac56048aea0dfaa724c102d7c2abc0f6b786ebef76de9ac179c0b0fffed44d29adf97c866615b3679496bf96e3a027ce6669c0f8dd19ef7a78f931

Score

10^/10

pony discovery rat spyware stealer

Malware Config

Targets

- Target
  
  2573b356452dd5ee24c10537fa4848d882fa40a2a8fa5a181624ba460e1f769a
- Size
  
  90KB
- MD5
  
  6b645fbf570f4d09f059d8fed734fa3e
- SHA1
  
  83f12011bfaa99ac994fa5b9003ff4a7123d4f14
- SHA256
  
  2573b356452dd5ee24c10537fa4848d882fa40a2a8fa5a181624ba460e1f769a
- SHA512
  
  ec428673fa3c881de143689b679fcc190897068a7cbee509c8ff6eaa0792ec8951c5b6b620de2c116cccfc3954ed71c142eb19397dcca5a6198f1e7b5d7a45ac
Score

10^/10

pony discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponydiscoveryratspywarestealer

behavioral2

ponydiscoveryratspywarestealer